Skip to content

Daily cleanup resources #275

Daily cleanup resources

Daily cleanup resources #275

Workflow file for this run

---
name: Daily cleanup resources
on:
workflow_dispatch:
inputs:
max_age_hours:
description: Maximum age of resources in hours
required: true
default: '20'
pull_request:
# the paths should be synced with ../labeler.yml
paths:
- .github/workflows/daily-cleanup.yml
- .github/actions/eks-cleanup-resources/**
schedule:
- cron: 0 1 * * * # At 01:00 everyday.
env:
MAX_AGE_HOURS: ${{ github.event.inputs.max_age_hours || '20' }}
AWS_PROFILE: infex
# please keep those variables synced with tests.yml
AWS_REGION: eu-west-2
TF_STATE_BUCKET: tests-eks-tf-state-eu-central-1
TF_STATE_BUCKET_REGION: eu-central-1
jobs:
cleanup-clusters:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.head_ref }}
fetch-depth: 0
- name: Install tooling using asdf
uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- name: Use repo .tool-version as global version
run: cp .tool-versions ~/.tool-versions
- name: Import Secrets
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
with:
url: ${{ secrets.VAULT_ADDR }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
exportEnv: false
secrets: |
secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
# Official action does not support profiles
- name: Add profile credentials to ~/.aws/credentials
run: |
aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
- name: Delete orphaned resources
id: delete-orphaned-resources
timeout-minutes: 360
if: always()
uses: ./.github/actions/eks-cleanup-resources
with:
tf-bucket: ${{ env.TF_STATE_BUCKET }}
tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
max-age-hours: ${{ env.MAX_AGE_HOURS }}
target: all
# There are cases where the deletion of resources fails due to dependencies.
- name: Retry delete orphaned resources
id: retry-delete-orphaned-resources
timeout-minutes: 360
if: failure() && steps.delete-orphaned-resources.outcome == 'failure'
uses: ./.github/actions/eks-cleanup-resources
with:
tf-bucket: ${{ env.TF_STATE_BUCKET }}
tf-bucket-region: ${{ env.TF_STATE_BUCKET_REGION }}
max-age-hours: 0 # the previous step alters the age and resets it to 0
target: all
- name: Notify in Slack in case of failure
id: slack-notification
if: failure() && github.event_name == 'schedule' && steps.retry-delete-orphaned-resources.outcome == 'failure'
uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@2723815da46088717a7b73c199aa005d8d5b27a1 # 1.2.8
with:
vault_addr: ${{ secrets.VAULT_ADDR }}
vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}